CVE-2023-26256
published 2023-02-28CVE-2023-26256: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the…
PriorityP179high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
11.62%
95.5th percentile
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stagil | stagil_navigation | < 2.0.52 | 2.0.52 |
Detection & IOCsextracted from sources · hover to see the quote
url/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime
- →Look for GET requests to /plugins/servlet/snjFooterNavigationConfig with a fileName parameter containing path traversal sequences (e.g., ../../../../etc/passwd).
- →Responses containing the literal string '$textMime' in the HTTP header indicate successful exploitation of the LFI vulnerability.
- →Responses matching the regex 'root:[x*]:0:0' in the body confirm /etc/passwd file read via path traversal.
- →Use Shodan/FOFA queries targeting Jira instances (title:Jira / title=jira) to identify potentially vulnerable exposed endpoints.
- ·The vulnerability is unauthenticated (PR:N/UI:N), meaning no credentials are required to exploit the path traversal via the fileName parameter. ↗
- ·The fileMime parameter value '$textMime' appears literally in the response header upon successful exploitation and can serve as a reliable detection signal.
- ·EPSS score of 0.9177 (99.687th percentile) indicates very high likelihood of active exploitation in the wild.
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g279-3gh8-w39f: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
ghsa_unreviewed·2023-02-28
CVE-2023-26256 [HIGH] CWE-22 GHSA-g279-3gh8-w39f: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
VulnCheck
stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2023·CVSS 7.5
CVE-2023-26256 [HIGH] stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
stagil stagil_navigation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
Affected: stagil stagil_navigation
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://isc.sans.edu/diary/rss/30038; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-04&host_type=src&vulnerability=cve-2023-26256; https://dashboard.shadowserver.org/st
No detection rules found.
Nuclei
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2023-26256 [HIGH] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Template:
id: CVE-2023-26256
info:
name: STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
author: pikpikcu
severity: high
description: |
STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFoot
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
arXiv
RuleForge: Automated Generation and Validation for Web Vulnerability Detection at Scale
arxiv_fulltext·2026-04
RuleForge: Automated Generation and Validation for Web Vulnerability Detection at Scale
: Automated Generation and Validation for Web Vulnerability Detection at Scale
Ayush Garg
[email protected]
USA
Sophia Hager
0009-0000-8470-8900
[email protected]
Johns Hopkins University
USA
Jacob Montiel
0000-0003-2245-0718
[email protected]
Amazon Web Services
USA
Aditya Tiwari
[email protected]
Amazon Web Services
USA
Michael Gentile
[email protected]
Amazon Web Services
USA
Zach Reavis
[email protected]
Amazon Web Services
USA
David Magnotti
[email protected]
Amazon Web Services
USA
Wayne Fullen
0009-0001-7666-6744
[email protected]
Amazon Web Services
USA
A. Garg et at.
## Abstract
Security teams face a challenge: the volume of newly disclosed Common Vulnerabilities and Exposures (CVEs) far exceeds the capacity to manually develop detection mechanisms. In 2025
https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26256.mdhttps://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloudhttps://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26256.mdhttps://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud
2023-02-28
Published
Exploited in the wild